Static analysis for defect detection in application code is widely used in practice to ensure software quality and reliability through early detection of software defects. However, each alarm the analysis generates remains a serious concern: it requires the user's attention to classify it, through manual inspection, as a true error or a false warning (false positive).
Static analysis is performed by a static analysis tool, which usually produces one or more alarms. The tool aims to report each program point of interest as either a safe program point or an error program point. The alarms are warning messages to the user about a possible run-time error, generated when the tool is unable to decide whether the corresponding program point is an error or safe. The user is expected to analyze each alarm manually. Each alarm must be handled with utmost care, because analysis of the alarms is required to verify a software application. Reviewing the alarms uncovers the true errors among them and so provides assurance that there will be no system failure or error at run-time. This manual review is costly, highly time-consuming and tedious. Also, repetitive manual review of alarms makes the analysis work less interesting for the user.
Accordingly, the present system and method identify one or more cause points of the alarms generated while carrying out static analysis of the application code, and use these alarm cause points for efficient and effective manual inspection of the alarms.